Details on Refining Vista's User Control
borgboy writes "Windows Vista has gotten a lot of negative press recently following the release of the latest beta, especially regarding excessive prompting for privilege escalation for seemingly common activities. On his blog, Steve Hiskey, the Lead Program Manager for User Account Control in the Windows Security Core group, details what the issues with the excessive prompting are, what the design goals of the feature are, and how they plan to achieve them. Briefly - they know the excessive prompting is a royal pain, they know they have to reduce it to an absolute minimum to be both productive AND an effective security risk mitigation measure, and they want as much feedback as they can get on the beta."
Re:malware safeguards (Score:5, Informative)
unfortunately, this breaks the brilliant synergy2 [sourceforge.net] tool temporarily...
It's all about the registry (Score:4, Informative)
Sometimes I wonder - rootkits use stealth techniques to intercept registry calls. Why doesn't Microsoft use the same rootkit approach to "cage" the registry into the directories used by the programs you install, and let the programs only use their caged registry? That way programs would only need access to their own caged directory and maybe a temporary or data directory.
IMHO, the registry was the worst idea Microsoft could have come up with.
getting there... (Score:5, Informative)
there's still some core OS UI that's not UAC-enabled, though. for example, you can't fully configure network connection settings without running explorer.exe elevated.
Re:It's Still In Beta Folks! (Score:5, Informative)
Some people here still expect beta to mean beta, which is conventionally intended to identify bugs in an otherwise stable product. A beta release is not, as you suggest, an invitation to change the feature set, though that has never prevented Microsoft from bending the rules at its convenience.
To be charitable, I can imagine that with this Vista beta, the codebase might indeed be as stable as what we ordinarily expect from a beta release, and so what we're looking at now is just a matter of tuning the configuration parameters so that it prompts at the right thresholds. And, on the principle of security by default, the system will initially tend toward maximum prompting. However, thinking more soberly, a secure system will have fully addressed these issues at the design level, and prompting will not be excessive but appropriate and meaningful. If it's not, that's a clear sign that the design has deeper problems than can be fixed just by changing the prompting parameters. Pardon my cynicism, but in my experience, that would be entirely typical of Microsoft.
Definition of beta at: Wikipedia [wikipedia.org].
For usability see: Whitten and Tygar [usenix.org].
Re:malware safeguards (Score:3, Informative)
maybe they should add an option to enable the built-in reader during UAC elevation...
Re:Huge Difference (Score:3, Informative)
All zealotry aside, there are things in Windows that are done very well, and there are things in Windows that completely suck, and the things that suck are almost universally due to some sort of backward compatibility concerns.
silent elevation (Score:3, Informative)
From the blog:
The problem with marking Windows binaries to "silently elevate" is that we feel it will lead to "worms" or self propagating malware.
Marking "silent elevator" should require administrative privilege, so what's the problem?
Unix has had this for years; it's called "setuid root". This is extremely useful.
Also, it's very easy to have a knob to allow all signed applications to do silent elevation. Much cleaner than developing hacky shims.
Re:malware safeguards (Score:2, Informative)
Doesn't Vista get rid of those prompts? (Score:3, Informative)
Re:Considering (Score:3, Informative)
Just an FYI, if someone really wants to work with Windows 2003 Server, there are tons of 120-day evaluation versions they can get their hands on, even off the Microsoft Web site.
If you are doing testing or running it in a virtual environment, you can keep re-installing and using it for as long as you need. The 120-day version just isn't a good choice for a production environment for long-term use, as you would have to recreate all the domain, sharing, services, and user settings every six months, but it is doable...
I also agree that Windows 2003 Server was probably the best 'release' level OS version of Windows for security and stability. When it was first released, it even ran on the desktop faster than WinXP. This is why SP2 of WinXP is important, as it brought a lot of the Windows 2003 code base into the Windows XP desktop line: more security, faster, etc.